The Management The Management Information BaseInformation Base
and how it can be used for and how it can be used for Proactive Network Proactive Network
Management Management
By Victor Antonov
Internet network management Internet network management frameworkframework
• MIB: management information MIB: management information basebase
• SMI: data definition languageSMI: data definition language• SNMP: protocol for network SNMP: protocol for network
managementmanagement• security and administrationsecurity and administration
The MIBThe MIB
Located on each network deviceLocated on each network device Contains statistics about each Contains statistics about each
managed object:managed object:• Actual pieces of hardwareActual pieces of hardware• Configuration parametersConfiguration parameters• Performance statisticsPerformance statistics
Information is gathered through Information is gathered through SNMP protocolSNMP protocol
The MIB ModulesThe MIB Modules More than 200 standard MIB modulesMore than 200 standard MIB modules Large number of vendor-specific (private) Large number of vendor-specific (private)
modulesmodules Identification and classification systemIdentification and classification system
• Part of the ASN.1 (Abstract Syntax Notation One) object Part of the ASN.1 (Abstract Syntax Notation One) object definition languagedefinition language
• Naming is achieved in hierarchical (tree) manner where Naming is achieved in hierarchical (tree) manner where each branch point is given both a name and a numbereach branch point is given both a name and a number
• Using these two parameters, each object, being a point Using these two parameters, each object, being a point in the tree, is identifiable through the path from the root in the tree, is identifiable through the path from the root to its place in the tree. to its place in the tree.
• MIB modules are found under the MIB-2 branches. MIB modules are found under the MIB-2 branches. There are modules for TCP, IP, UDP, etc, as well as for There are modules for TCP, IP, UDP, etc, as well as for
system, interface and address translation.system, interface and address translation.
How is the MIB used?How is the MIB used? Analysis of the data is needed in order to Analysis of the data is needed in order to
form a policy or to take actions against form a policy or to take actions against exceptional conditions. exceptional conditions.
People are often neededPeople are often needed• able to think creatively, as well as analyticallyable to think creatively, as well as analytically• foresee problems and act in advance. foresee problems and act in advance.
Automated managementAutomated management• takes care of the network basically all the time takes care of the network basically all the time
this network is operational. this network is operational. • cannot take preemptive actions unless cannot take preemptive actions unless • more complicated algorithms are needed to more complicated algorithms are needed to
achieve successful automation.achieve successful automation.
Proactive Network ManagementProactive Network Management
Typically a human taskTypically a human task Monitor the system variables to identify Monitor the system variables to identify
untypical and erroneous trendsuntypical and erroneous trends Use real-time data mining as opposed to Use real-time data mining as opposed to
analytical models which are to be used analytical models which are to be used laterlater• an intelligent, self-learning algorithm will utilize an intelligent, self-learning algorithm will utilize
data mining as training input and once data mining as training input and once deployed, it will ideally detect hazardous deployed, it will ideally detect hazardous situations before they become a problem.situations before they become a problem.
Currently Proposed Automated Currently Proposed Automated Congestion Avoidance SolutionsCongestion Avoidance Solutions
Centrally managed/coordinated neural Centrally managed/coordinated neural networks and learning algorithmsnetworks and learning algorithms• Problem: scalability (as the network grows, Problem: scalability (as the network grows,
handling can “go out of hand”)handling can “go out of hand”) Decentralized approachDecentralized approach
• Active Queue Management. Active Queue Management. • Congestion indicators: arrival and departure Congestion indicators: arrival and departure
rates of traffic at each node.rates of traffic at each node.• Fault prediction system based on Bayesian Fault prediction system based on Bayesian
Belief Networks…Belief Networks…• Or based on statistical techniques.Or based on statistical techniques.
Let’s Use Data MiningLet’s Use Data Mining Identify specific MIB variables along with queue Identify specific MIB variables along with queue
parameters to feed an intelligent data mining parameters to feed an intelligent data mining algorithmalgorithm
Train and validate a model that will supply each Train and validate a model that will supply each node in the network with an early warning systemnode in the network with an early warning system
SNMP standard will be employed to capture the SNMP standard will be employed to capture the MIB data. MIB data.
A simulation of the proposed model has been A simulation of the proposed model has been build using OPNET as the network simulation build using OPNET as the network simulation model and Clementine (an SPSS tool) as the data model and Clementine (an SPSS tool) as the data analysis toolanalysis tool• OPNET represents network events through an event OPNET represents network events through an event
driven simulation engine and communication protocol driven simulation engine and communication protocol logic through finite state automatalogic through finite state automata
Steps to SuccessSteps to Success
• The experiment consisted of several The experiment consisted of several stages:stages:
Data CollectionData Collection Feature ExtractionFeature Extraction Feature SelectionFeature Selection Model BuildingModel Building Model ValidationModel Validation Model DeploymentModel Deployment
Data CollectionData Collection
Information regardingInformation regarding• the arrival and departure rate of traffic at that the arrival and departure rate of traffic at that
node (MIB variables such as node (MIB variables such as ipInReceivesipInReceives, , ipForwDatagrams ipForwDatagrams and and ipOutDiscards)ipOutDiscards)
• the status of the queue at the bottleneck - the status of the queue at the bottleneck - pseudoMIB variables (queue statistics which pseudoMIB variables (queue statistics which are logged)are logged)
• level of congestion at that node. level of congestion at that node. • A variable for the congestion, the Congestion A variable for the congestion, the Congestion
Indicator (CI) is logged, indicating the state of Indicator (CI) is logged, indicating the state of the network at a given timethe network at a given time
Feature Extraction and SelectionFeature Extraction and Selection
Feature ExtractionFeature Extraction• relationships are found between the various parameters and relationships are found between the various parameters and
the CIthe CI• several parameters are considered to be related to congestion: several parameters are considered to be related to congestion:
rate of change of input, rate of change of discard, available rate of change of input, rate of change of discard, available buffer space and the rate of traffic entering and leaving the buffer space and the rate of traffic entering and leaving the nodenode
Feature SelectionFeature Selection• a statistical test is used to determine the behavior of the a statistical test is used to determine the behavior of the
different variables during congestion periods. This particular t-different variables during congestion periods. This particular t-test is for two samples and unequal variances. test is for two samples and unequal variances.
• two ways the test parameters can be analyzedtwo ways the test parameters can be analyzed univariate analysis where parameters are analyzed in isolation univariate analysis where parameters are analyzed in isolation multi-variate analysis – analyzing the significance of each multi-variate analysis – analyzing the significance of each
parameter in relation to the others parameter in relation to the others • Results from the test indicate that the ratio of available buffer Results from the test indicate that the ratio of available buffer
space to the difference between input and output traffic rate is space to the difference between input and output traffic rate is the most indicative of congestionthe most indicative of congestion
Model Building and ValidationModel Building and Validation The results are used to successfully build a The results are used to successfully build a
training modeltraining model• three input variables: the CI, the ratio and the change in three input variables: the CI, the ratio and the change in
input rate (which was also found significant in regards to input rate (which was also found significant in regards to congestion)congestion)
Decision tree approachDecision tree approach• Classification and Regression Trees (CaRT)Classification and Regression Trees (CaRT)• Reasoning: the data set can be clearly partitioned into Reasoning: the data set can be clearly partitioned into
well defined classes – levels of severity of congestion at well defined classes – levels of severity of congestion at the network nodethe network node
Model Validation phase showed that in all cases Model Validation phase showed that in all cases the accuracy achieved was greater than 98%.the accuracy achieved was greater than 98%.
Some Thoughts For the FutureSome Thoughts For the Future Q: What happened to Model DeployementQ: What happened to Model Deployement
• A: Not ready yet!A: Not ready yet! So far the proposed network management So far the proposed network management
system has proved to be accurate in system has proved to be accurate in predicting congestionpredicting congestion
However we need also:However we need also:• ability to identify symptoms of early congestion ability to identify symptoms of early congestion
using statistical techniques such as time series using statistical techniques such as time series analysis. analysis.
• control approaches to be identified control approaches to be identified • full automation and learning online in real full automation and learning online in real
time. time.
ReferencesReferences
Kurose, James F., and Keith W. Ross. Kurose, James F., and Keith W. Ross. Computer Neworking: A Top-Down Computer Neworking: A Top-Down ApproachApproach. . Boston : Pearson/Addison Boston : Pearson/Addison Wesley, c2008Wesley, c2008
Kulkarni, P. G., et al. Kulkarni, P. G., et al. “Deploying MIB “Deploying MIB Data Mining for Proactive Network Data Mining for Proactive Network Management. Management. 3rd International IEEE 3rd International IEEE Conference Intelligent SystemsConference Intelligent Systems, , September 2006. pp. 506-511September 2006. pp. 506-511